
9242 matches found

OSV
added 2019/03/25 7:29 p.m. | 1 view

CVE-2019-3395

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebD...

9.8 CVSS | 7.5 AI score | 0.06712 EPSS
Exploits 0 | References 1
Prion
added 2019/03/25 7:29 p.m. | 20 views

Server side request forgery (ssrf)

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebD...

7.5 CVSS | 9.4 AI score | 0.06712 EPSS
Exploits 0 | References 1 | Affected Software 2
Cvelist
added 2019/03/25 6:37 p.m. | 19 views

CVE-2019-3395

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebD...

9.4 AI score | 0.06712 EPSS
Exploits 0 | References 1
Veracode
added 2019/03/22 3:23 a.m. | 20 views

Server-Side Request Forgery (SSRF)

moodle/moodle is vulnerable to server-side request forgery (SSRF). An attacker is able to submit requests on behalf of the server via the editblog.php script that allows adding of external RSS feed resources. A malicious URL/TCP PORT can be added as an RSS feed resource which would cause the server...

7.5 CVSS | 7.4 AI score | 0.01201 EPSS
Exploits 0 | References 1 | Affected Software 1
Hacker One
added 2019/03/22 1:57 a.m. | 14 views

50m-ctf: Several vulnerabilities lead to Remote Code Execution and Arbitrary File Read on multiple servers

Summary: - Tweeted image contained URL https://bit.do/h1therm to download an APK - APK API 35.243.186.41 is vulnerable to SQL Injection on username parameter and leaked location of server 104.196.12.98 through the devices table - Login form on 104.196.12.98 is vulnerable to timing attack on hash...

8 AI score
Exploits 0
Prion
added 2019/03/21 4:1 p.m. | 15 views

Server side request forgery (ssrf)

Moodle 3.5.x before 3.5.4 allows SSRF...

6 CVSS | 7.5 AI score | 0.01201 EPSS
Exploits 0 | References 1 | Affected Software 1
Prion
added 2019/03/21 4:0 p.m. | 19 views

Server side request forgery (ssrf)

OX App Suite 7.8.4 and earlier allows SSRF...

5.5 CVSS | 5.5 AI score | 0.00852 EPSS
Exploits 2 | References 2 | Affected Software 1
Positive Technologies
added 2019/03/13 12:0 a.m. | 4 views

PT-2019-6447 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.6 before patch 13; Zimbra Collaboration Suite versions 8.7.x before 8.7.11 patch 10; Zimbra Collaboration Suite versions 8.8.x before 8.8.10 patch 7; Zimbra Collaboration Suite versions 8.8.x before 8.8.11...

7.8 CVSS | 7.4 AI score | 0.80906 EPSS
Exploits 10 | References 24
UbuntuCve
added 2019/03/08 9:29 p.m. | 28 views

CVE-2017-3164

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...

7.5 CVSS | 7.2 AI score | 0.19442 EPSS
Exploits 0 | References 2
Prion
added 2019/03/08 9:29 p.m. | 22 views

Server side request forgery (ssrf)

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...

5 CVSS | 7.5 AI score | 0.19442 EPSS
Exploits 0 | References 12 | Affected Software 1
OSV
added 2019/03/08 9:29 p.m. | 18 views

CVE-2017-3164

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...

7.5 CVSS | 7.5 AI score
Exploits 0 | References 12
Cvelist
added 2019/03/08 9:0 p.m. | 27 views

CVE-2017-3164

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...

7.6 AI score | 0.19442 EPSS
Exploits 0 | References 12
CVE
added 2019/03/08 9:0 p.m. | 105 views

CVE-2017-3164

CVE-2017-3164 is an SSRF vulnerability in Apache Solr affecting Log Analysis (IBM) versions 1.3.1–1.3.6 (Solr 1.3.x to 7.6). The shards parameter lacks a whitelist, allowing remote attackers with server access to trigger HTTP GET requests to any reachable URL. Connected Nessus/NASL entries corrob...

7.5 CVSS | 7.4 AI score | 0.19442 EPSS
Exploits 0 | References 12 | Affected Software 1
Debian CVE
added 2019/03/08 9:0 p.m. | 21 views

CVE-2017-3164

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...

7.5 CVSS | 7.6 AI score | 0.19442 EPSS
Exploits 0
Tenable Nessus
added 2019/03/05 12:0 a.m. | 24 views

Atlassian JIRA < 7.6.1 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An...

6.1 CVSS | 5.9 AI score | 0.00899 EPSS
Exploits 0 | References 6
Debian
added 2019/02/28 10:6 p.m. | 151 views

[SECURITY] [DSA 4399-1] ikiwiki security update

Debian Security Advisory DSA-4399-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 28, 2019 https://www.debian.org/security/faq -...

7.5 CVSS | 7.6 AI score | 0.01699 EPSS
Exploits 0
CNVD
added 2019/02/21 12:0 a.m. | 3 views

CloudBees Jenkins OctopusDeploy Plugin Server Request Forgery Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release and testing projects and some scheduled tasks. OctopusDeploy Plugin is used in which a...

4.3 CVSS | 6.9 AI score | 0.01034 EPSS
Exploits 0 | References 1
NVD
added 2019/02/20 9:29 p.m. | 12 views

CVE-2019-1003028

A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint...

4.3 CVSS | 4.5 AI score | 0.00674 EPSS
Exploits 0 | References 2
NVD
added 2019/02/20 9:29 p.m. | 18 views

CVE-2019-1003027

A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception...

4.3 CVSS | 4.7 AI score | 0.01034 EPSS
Exploits 0 | References 2
Prion
added 2019/02/20 9:29 p.m. | 15 views

Server side request forgery (ssrf)

A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint...

4 CVSS | 4.6 AI score | 0.00674 EPSS
Exploits 0 | References 2 | Affected Software 1